dsadd | new in WS2003 |
Adds users, groups, and other objects to Active Directory and configures AD quotas.
dsadd command switches [{-s Server|-d Domain}] [-u UserName] [-p {Password|*}] [-q] [-dsec Description]
command
Any dsadd command (see later list).
switches
Various switches that go with each command (see later list).
{-s Server | -d Domain}
Connects to a specified server or domain to run the command (if omitted, defaults to domain controller in logon domain).
[-u UserName] [-p {Password | *}]
Credentials for running the command. Specify UserName as domain\user or user@domain. If -p *, prompts for password.
-q
Runs in quiet mode to suppress standard output of command.
-desc Description
Specifies the description for the object.
Here is a list of supported dsadd commands with a brief description of their syntax (only the most commonly used switches are described):
dsadd computer ComputerDN
Adds a computer account to Active Directory with distinguished name ComputerDN.
dsadd contact ContactDN [-fn FirstName] [-ln LastName] [-email Email]
Adds a contact to Active Directory with distinguished name ContactDN.
dsadd group GroupDN [-secgrp {yes | no}] [-scope {l | g | u}]
Adds a group to Active Directory with distinguished name GroupDN. The -secgrp yes option creates a security group (the default) while the -scope option creates either a local, global, or universal group (default is global).
dsadd ou OrganizationalUnitDN
Adds an organizational unit to Active Directory with distinguished name OrganizationalUnitDN.
dsadd quota -part PartitionDN [-rdn RelativeDistinguishedName] -acct SecurityPrincipalDN -qlimit Value
Configures an Active Directory quota for the security principal specified by -acct SecurityPrincipalDN, limiting how many directory objects the security principal can own in the specified partition. To specify an unlimited quota, use -qlimit -1.
dsadd user UserDN [-upn UserPrincipalName] [-fn FirstName] [-ln LastName] [-display DisplayName] [-pwd {Password | *}] [-memberof Group;...] [-tel PhoneNumber] [-email Email] [-title Title] [-company Company] [-hmdir HomeDirectory] [-profile ProfilePath] [-pwdneverexpires {yes | no}] ...
Adds a user to Active Directory with distinguished name UserDN and properties specified by switches (there are many more).
Create a new computer account for the workstation DESK155 in the Sales organizational unit of the
mtit.local domain using the Administrator account for that domain:
dsadd computer CN=DESK155,OU=Sales,DC=mtit,DC=local -u Administrator -p * Enter Password:********** dsadd succeeded:CN=DESK155,OU=Sales,DC=mtit,DC=local
If you open Active Directory Users and Computers, you can see the new computer account in the Sales OU.
Create a new domain local group named Human Resources in the Sales OU of
mtit.local :
dsadd group "CN=Human Resources,OU=Sales,DC=mtit,DC=local" -scope l dsadd succeeded:CN=Human Resources,OU=Sales,DC=mtit,DC=local
Note the quotation marks in the example (required due to the space in the group name).
Create the user Bob Jones and add him to the Human Resources group:
dsadd user CN=bjones,OU=Sales,DC=mtit, DC=local -upn bjones@mtit.local -fn Bob -ln Jones -display "Bob Jones" -pwd Passw0rd -email bjones@mtit.com -memberof "CN=Human Resources,OU=Sales,DC=mtit,DC=local" dsadd succeeded:CN=bjones,OU=Sales,DC=mtit,DC=local
If you omit the distinguished name of the object you are creating, it is obtained from standard inputSTDINi.e., the keyboard, a redirected file, or piped output from another command. Use Ctrl-Z to indicate the end of file character for STDIN.
Active Directory , dsget, dsmod, dsmove, dsquery, dsrm,
Groups ,
Users